Thursday, February 10, 2011

wXf released, thoughts, comments

Today we've released the beta version (rough, rough version) of wXf by making the repository public. Over the last year we've worked on this code in an "on-again, off-again" fashion. Since we started the project we've learned a lot. I know I've personally learned a ton about Ruby and metaprogramming (check out Paolo Perrotta's book if you get a chance). We've rewritten the code several times, but we've reached the point where it is at least stable enough to release. Now others have the chance to improve on it.

We've gotten loads of feedback from the beta group (consisting of a few volunteers), which has helped us tremendously with some of the usability and documentation. Additionally, we've started to gauge what people do and do not want to see. We know that the AppSec community doesn't want another point-and-click tool and certainly doesn't need another scanner.

The biggest question posed to us over the last 11 months was "Why not merge with (insert framework here)?" The answer is actually incredibly simple and is the basis for why we created the software. We'd like the community of testers, consultants, developers, etc. to decide what they want to see most.

Adapting an entire framework to the user base and changing it as needed is only feasible if we a) have total flexibility in modifying ANY portion of the code and b) aren't pigeonholed into just one area of focus (exploitation, scanning).

Whether it be source code review, exploitation, enumeration, fuzzing modules, phishing, mobile appsec or whatever else, we'd like to glue together some of the ideas and scripts of the community at large. So please contribute. Submit bugs, provide feedback, help with the wiki or develop modules. Every little bit counts.